clarify comment

author: Dr. Stephen Henson <steve@openssl.org> 2010-06-16 13:15:31 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-06-16 13:15:31 +0000
commit: a7c64928c83598b4807abd45e12d7544574ef09a (patch)
tree: 0ee33e67d3fe4e59439bccfe58ec239671aae0a4 /crypto/rand/md_rand.c
parent: c8bbd98a2b0c2a5164c42f951cd2866512839b5a (diff)
download: openssl-a7c64928c83598b4807abd45e12d7544574ef09a.zip
openssl-a7c64928c83598b4807abd45e12d7544574ef09a.tar.gz
openssl-a7c64928c83598b4807abd45e12d7544574ef09a.tar.bz2
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 4e581f3..943c936 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -492,12 +492,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 			goto err;
 
 #ifndef PURIFY /* purify complains */
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+		/* The following line uses the supplied buffer as a small
+		 * source of entropy: since this buffer is often uninitialised
+		 * it may cause programs such as purify or valgrind to
+		 * complain. So for those builds it is not used: the removal
+		 * of such a small source of entropy has negligible impact on
+		 * security.
+		 */
 		if (!MD_Update(&m,buf,j))
 			goto err;
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data.  */
 #endif
 
 		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
author	Dr. Stephen Henson <steve@openssl.org>	2010-06-16 13:15:31 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-06-16 13:15:31 +0000
commit	a7c64928c83598b4807abd45e12d7544574ef09a (patch)
tree	0ee33e67d3fe4e59439bccfe58ec239671aae0a4 /crypto/rand/md_rand.c
parent	c8bbd98a2b0c2a5164c42f951cd2866512839b5a (diff)
download	openssl-a7c64928c83598b4807abd45e12d7544574ef09a.zip openssl-a7c64928c83598b4807abd45e12d7544574ef09a.tar.gz openssl-a7c64928c83598b4807abd45e12d7544574ef09a.tar.bz2